Date: Tue, 22 Oct 2002 12:05:10 -0400 (EDT)
From: Andy Dills
To: Dexter McNeil
Cc: freebsd-isp@freebsd.org
Subject: Re: user account/password sync between machines?
In-Reply-To: <20021021204543.GA14674@backtech.com>

On Mon, 21 Oct 2002, Dexter McNeil wrote:

> I've got a project that involves two identically configured machines that
> are providing DNS and remote user SSH login. The systems are configured
> such that the users log into 'host', with each machine's DNS server
> returning its IP address in response to a lookup of 'host'. The idea being
> that if one machine goes down, the other machine will still respond to DNS
> lookups and users will still be able to log in. All of this seems to work
> nicely in testing.
>
> The remaining piece of my puzzle for this is a method of keeping the user
> accounts sync'd between the two machines. I've looked into hacking up the
> adduser.perl script to allow for remote operations on the master.passwd
> file on the two machines (use a third machine to contain the master
> database & publish it to the two remote machines), however I'm wondering
> if anyone has found an easier solution to this type of problem. I'm not in
> a position to implement RADIUS or LDAP at this point, the two machines
> need to be self contained, except for an optional administration machine
> whose availability (or not) won't impact the operation of the two login
> servers.

Dexter, you could use this rdist config file to achieve what you want,
call it /rdist.cfg for the sake of this discussion:

    # Push master.passwd to the other machine, then rebuild its password
    # databases there (pwd_mkdb needs the file to rebuild from).
    (/etc/master.passwd) -> ( othermachine.your.dom )
            special "/usr/sbin/pwd_mkdb -p /etc/master.passwd";

You'll need to get rshd working on othermachine.your.dom, with root access
allowed. Or, if you aren't confident of the security of the network
between, you can use ssh.

Tack this onto /etc/crontab:

    # /etc/crontab entries carry a user column; run the push as root.
    * * * * * root /usr/bin/rdist -f /rdist.cfg

Or, if you decide to go with ssh:

    * * * * * root /usr/bin/rdist -P /usr/bin/ssh -f /rdist.cfg

Andy

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Andy Dills                              301-682-9972
Xecunet, LLC                            www.xecu.net
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Dialup * Webhosting * E-Commerce * High-Speed Access
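
Added example, not part of Andy's message: the cron job described above pushes /etc/master.passwd as root every minute and rebuilds the password databases on arrival, so a truncated or tampered file reaches the second login server within a minute. The script below is one way to check the file on the sending machine before the push; the function name check_master_passwd, the ALLOWED_UID0 list and the sample entries are assumptions of this example.

```shell
#!/bin/sh
# Added example: sanity-check a master.passwd candidate before it is installed.
# ALLOWED_UID0 is an assumption of this example; adjust it to your site.
ALLOWED_UID0="${ALLOWED_UID0:-root toor}"

# Returns 0 if FILE looks safe to install; prints each problem to stderr.
check_master_passwd() {
    file="$1"
    [ -s "$file" ] || { echo "empty or missing: $file" >&2; return 1; }
    awk -F: -v allowed="$ALLOWED_UID0" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^#/ || /^$/ { next }   # skip comments and blank lines
        NF != 10 { printf "line %d: %d fields, want 10\n", NR, NF; bad = 1; next }
        $1 == "" || $3 !~ /^[0-9]+$/ || $4 !~ /^[0-9]+$/ {
            printf "line %d: bad name, uid or gid\n", NR; bad = 1; next }
        $2 == "" { printf "line %d: %s has an empty password field\n", NR, $1; bad = 1 }
        seen[$1]++ { printf "line %d: duplicate user %s\n", NR, $1; bad = 1 }
        $3 == 0 && !($1 in ok) { printf "line %d: unexpected uid 0: %s\n", NR, $1; bad = 1 }
        $1 == "root" && $3 == 0 { root = 1 }
        END { if (!root) { print "no root entry with uid 0"; bad = 1 }
              exit (bad ? 1 : 0) }
    ' "$file" >&2
}

# Constructed sample entries (not real accounts or hashes).
sample() {
    printf '%s\n' \
        'root:$1$constructed:0:0::0:0:Charlie &:/root:/bin/csh' \
        'dexter:$1$constructed:1001:1001::0:0:Dexter:/home/dexter:/bin/sh'
}

# Usage: sh check.sh /path/to/candidate
if [ "$#" -gt 0 ]; then check_master_passwd "$1"; fi
```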